Zero-day attacks increase 40%

Aug 17, 2017

The second quarter of 2017 reveals some worrying trends in cybercrime that have organisations reassessing their cybersecurity. In their Q2 Report, research facility PandaLabs reveals a startling increase in zero-day attacks – up 40% from the previous quarter.Data collected by Panda Security’s Collective Intelligence technology indicates that cybercriminals are increasingly using more advanced attack tactics to ensure the success and profitability of their efforts.A key trend drawn from the Q2 Report, is that of the targeted and sophisticated nature of zero-day attacks. Further insights emphasise the need to supplement traditional AV products with advanced security solutions which are able to block zero-day threats.Q2 of 2017 has come to be defined by two sophisticated global cyberattacks. The first of which — WannaCry, has been labelled one of the largest attacks in history, causing estimated losses of R52-billion worldwide. A large number of South African organisations felt the full effects of this advanced attack — proving once again that no country is immune to these new generation threats.Within a few weeks of WannaCry, a second attack was launched. Although originally targeted at Ukrainian organisations ahead of their elections, Petya ultimately spread to 60 countries across the world.Jeremy Matthews, regional manager of Panda Security Africa says: “The cyberattacks we saw in Q2 had a devastating effect on organisations around the world, and drives home the need for South African business leaders to invest in a new security paradigm, moving away from simply trusting commoditised AV to keep them protected.”. Main Conclusions from the Quarter:* Cybercriminal Groups are on the rise – Shadow Brokers, the group that rose to infamy when they used stolen NSA data to launch WannaCry, plan to continue publishing stolen NSA data, and the cyberarms race continues to escalate.* Individuals and businesses, in the crosshairs: Out of all the machines protected by a Panda Security solution, 3.44% of them were attacked by unknown threats, representing an increase of almost 40% from the previous quarter.* Cyberwarfare: the second quarter of the year has marked two of the largest cyberattacks in history. WannaCry and Petya have shown us that governments are preparing for cyberwarfare, but are not taking the necessary precautions to ensure internet users and connected devices do not become collateral victims.* Ransomware attacks are still on the rise as it continues to be a profitable avenue for cybercriminals. This kind of attack could be phased out if organisations and individuals adopt more effective security solutions and maintain their backups, eliminating the need to pay attackers to have data restored.* “Zero-day” exploits are a highly sought after attack mechanism. They are completely unknown by the manufacturer of the affected software and allow attackers to compromise computers, even if their software is updated. In April, a vulnerability was discovered which affected various versions of Microsoft Word, and we know that it was being used by attackers from at least January. In that same month of April, Microsoft published a corresponding update to protect Office users* IoT and Smart Cities bring immense security risks that give attackers a multitude of new vectors. Last June, WannaCry infected 55 cameras located at traffic lights and speed control points in Australia after a subcontractor connected an infected computer to the network where they were located.